ABSTRACT

In this paper, we propose an inductive approach to prove positive almost sure termination of probabilistic rewriting under the innermost strategy. We extend to the probabilistic case a technique we proposed for termination of usual rewriting under strategies. The induction principle consists in assuming that terms smaller than the starting terms for an induction ordering are positively almost surely terminating. The proof is developed by generating proof trees, modeling rewriting trees, by alternately applying abstraction steps, expressing the application of the induction hypothesis, and narrowing steps, simulating the possible rewriting steps after abstraction. This technique is fully automatable for rewrite systems on constants, which are very useful to model probabilistic protocols.

Categories and Subject Descriptors 

F.3.1 [LOGICS AND MEANINGS OF PROGRAMS]: Specifying and Verifying and Reasoning about Programs—Logics of programs, Mechanical verification, Specification techniques; F.4.2 [MATHEMATICAL LOGIC AND FORMAL LANGUAGES]: Grammars and Other Rewriting Systems; F.4.3 [MATHEMATICAL LOGIC AND FORMAL LANGUAGES]: Formal Languages—Algebraic language theory; G.3 [PROBABILITY AND STATISTICS]; I.1.3 [SYMBOLIC AND ALGEBRAIC MANIPULATION]: Languages and Systems—Evaluation strategies; I.2.3 [ARTIFICIAL INTELLIGENCE]: Deduction and Theorem Proving—Deduction, Inference engines, Mathematical induction; D.3.1 [PROGRAMMING LANGUAGES]: Formal Definitions and Theory; D.2.4 [SOFTWARE ENGINEERING]: Software/Program Verification—Correctness proofs, Formal methods, Validation

General Terms 

Algorithms, Languages, Verification 


Keywords 

Abstraction, Constraint, Narrowing, Probability, Termination

1. INTRODUCING THE PROBLEM 

Probabilistic rewriting has recently been introduced to model systems where probabilistic and nondeterministic phenomena are combined [5]. A lot of models of systems, formalisms or techniques have already been enriched with probabilities, but most of them are restricted to finite state systems. Let us cite automata based models [7, 33], Petri Nets [2, 29], process algebra [17], model checking techniques [21]. Note also the existence of the PRISM [22] and the APMC [18] tools. Rewriting allows for expressing complex relations on infinite sets of states in a finite way, provided they are countable.

In the context of probabilistic rewriting, the problem of 
termination naturally arises and in [3], the notions of simple 
almost sure termination and positive almost sure (PAS in 
short) termination have been proposed, as well as a method 
based on interpretations on the reals to ensure the second 
property. The first termination notion expresses that the 
probability for a given rewriting derivation to terminate is 1; 
the second, stronger and more useful from a practical point 
of view, expresses that the mean length of the derivations 
from a term is finite. 

Then, in [4], rewriting strategies have been considered, and sufficient criteria, still based on interpretations on the reals, have been given for PAS termination under strategies.

Here, we try to go one step further. In the previously cited paper, the considered strategies defined themselves with probabilities, expressing the ratio of the selection of a rule w.r.t. another. We tackle here the PAS termination problem for position strategies, defined by the position of the redexes in the terms to be rewritten, using an inductive approach we proposed for proving termination of non probabilistic rewriting under the innermost [10], the outermost [11] and local strategies [9]. In this paper, we adapt our inductive technique to the probabilistic case, investigate how it then works, and give a class of systems for which it is of interest.

We focus here on the innermost strategy, consisting in always rewriting at the lowest possible positions. This strategy is widely used in programming. It is often used as a built-in mechanism in the evaluation of rule-based or functional languages. In addition, for non-overlapping or locally confluent overlay systems [14], or systems satisfying critical peak conditions [15], innermost termination is equivalent to standard termination (i.e. termination for standard rewriting, which consists in rewriting without any strategy). Note that as proved in [19], termination of rewriting is equivalent for the leftmost innermost and the innermost strategies.

A formalism has recently been proposed to extend the Constraint Handling Rule process with probabilistic capabilities applied to the rewrite rules themselves [12, 25, 26, 27, 28]. This is, to our knowledge, the only alternative attempt to formalize probabilistic transitions using rule based languages. Notice that these papers do not focus on techniques for proving termination of such systems.

There are other works about termination with probabilities, but in the context of concurrent programs [31, 30]. They deal with almost sure termination, whereas we deal with positive almost sure termination.

The basic idea of our approach is the following. We introduce the notion of innermost PAS (IPAS in short) termination for a term, and suppose, for every term $t$ of a ground term algebra, that the terms smaller than $t$ for an induction ordering are IPAS terminating. We then try to deduce that $t$ is also IPAS terminating. The principle of our inductive method relies on a double mechanism allowing to generate proof trees, which represent, by a lifting mechanism, the rewriting trees of the ground terms: abstraction and narrowing.

The paper is structured as follows. In Section 2, the background is presented. Section 3 is devoted to definitions of probabilistic rewriting. In Section 4, the material for our inductive technique in the probabilistic case is defined. Section 5 gives the algorithm generating proof trees and the IPAS termination result for finite proof trees. Finally, Section 6 presents a generalization to a given class of infinite proof trees.

2. THE BACKGROUND 

We assume that the reader is familiar with the basic definitions and notations of term rewriting given for instance in [1, 8, 32]. $T(F, X)$ is the set of terms built from a given finite set $F$ of function symbols $f$ having arity $n \in \mathbb{N}$, and a set $X$ of variables denoted $x, y, \ldots$. $T(F)$ is the set of ground terms (without variables). The terms reduced to a symbol of arity 0 are called constants. Positions in a term are represented as sequences of integers. The empty sequence $\epsilon$ denotes the top position. Let $p$ and $p'$ be two positions. The position $p$ is said to be (a strict) prefix of $p'$ (and $p'$ suffix of $p$) if $p' = p\lambda$, where $\lambda$ is a non-empty sequence of integers. For a position $p$ of a term $t$, we note $t|_p$ the subterm of $t$ at position $p$, and $t[s]_p$ the term obtained in replacing by $s$ the subterm at position $p$ in $t$.

A substitution is an assignment from $X$ to $T(F, X)$, written $\sigma = (x = t, \ldots, y = u)$. It uniquely extends to an endomorphism of $T(F, X)$. The result of applying $\sigma$ to a term $t \in T(F, X)$ is written $\sigma(t)$ or $\sigma t$. The domain of $\sigma$, denoted $Dom(\sigma)$, is the finite subset of $X$ such that $\sigma x \neq x$. The range of $\sigma$, denoted $Ran(\sigma)$, is defined by $Ran(\sigma) = \bigcup_{x \in Dom(\sigma)} Var(\sigma x)$. An instantiation or ground substitution is an assignment from $X$ to $T(F)$. $Id$ denotes the identity substitution. The composition of substitutions $\sigma_1$ followed by $\sigma_2$ is denoted $\sigma_2 \sigma_1$.

A set $\mathcal{R}$ of rewrite rules or rewrite system (RS in short) on $T(F, X)$ is a set of pairs of terms of $T(F, X)$, denoted $l \to r$, such that $Var(r) \subseteq Var(l)$. Given a rewrite system $\mathcal{R}$, a function symbol in $F$ is called a constructor iff it does not occur in $\mathcal{R}$ at the top position of a left-hand side of rule, and is called a defined function symbol otherwise. The set of constructors of $F$ for $\mathcal{R}$ is denoted $\mathcal{C}_{\mathcal{R}}$, and the set of defined function symbols $\mathcal{D}_{\mathcal{R}}$ ($\mathcal{R}$ is omitted when there is no ambiguity). In this paper, we only consider finite sets of function symbols and of rewrite rules.

The rewriting relation induced by $\mathcal{R}$ is denoted by $\to^{\mathcal{R}}$ ($\to$ if there is no ambiguity on $\mathcal{R}$), and defined by $s \to t$ iff there is a substitution $\sigma$ and a position $p$ in $s$ such that $s|_p = \sigma l$ for some rule $l \to r$ of $\mathcal{R}$, and $t = s[\sigma r]_p$. This is written $s \to^{p,\, l \to r,\, \sigma}_{\mathcal{R}} t$ where $p$, $l \to r$, $\sigma$ or $\mathcal{R}$ may be omitted; $s|_p$ is called a redex. The reflexive transitive closure of the rewriting relation induced by $\mathcal{R}$ is denoted by $\to^{*}_{\mathcal{R}}$. The innermost rewriting relation consists in always rewriting at the lowest possible positions.

Let $\mathcal{R}$ be a rewrite system on $T(F, X)$. A term $t$ is narrowed into $t'$, at the non-variable position $p$, using the rewrite rule $l \to r$ of $\mathcal{R}$ and the substitution $\sigma$, when $\sigma$ is a most general unifier of $t|_p$ and $l$, and $t' = \sigma(t[r]_p)$. This is denoted $t \leadsto^{p,\, l \to r,\, \sigma}_{\mathcal{R}} t'$ where $p$, $l \to r$, $\sigma$ or $\mathcal{R}$ may be omitted. It is always assumed that there is no variable in common between the rule and the term, i.e. that $Var(l) \cap Var(t) = \emptyset$.

An ordering $\succ$ on $T(F, X)$ is said to be noetherian iff there is no infinitely decreasing chain for this ordering. It is monotone iff for any pair of terms $t, t'$ of $T(F, X)$, for any context $f(\ldots)$, $t \succ t'$ implies $f(\ldots t \ldots) \succ f(\ldots t' \ldots)$. It has the subterm property iff for any $t$ of $T(F, X)$, $f(\ldots t \ldots) \succ t$.

For $F$ and $X$ finite, if $\succ$ is monotone and has the subterm property, then it is noetherian [20]. If, in addition, $\succ$ is stable under substitution (for any substitution $\sigma$, any pair of terms $t, t' \in T(F, X)$, $t \succ t'$ implies $\sigma t \succ \sigma t'$), then it is called a simplification ordering. A RS $\mathcal{R}$ (innermost) terminates if and only if every (innermost) derivation of the rewriting relation induced by $\mathcal{R}$ is finite. For any term $t$ of $T(F)$, $t$ (innermost) terminates if and only if every (innermost) rewriting derivation starting from $t$ is finite.

3. PROBABILISTIC REWRITING 

A $\sigma$-algebra on a set $\Omega$ is a set of subsets of $\Omega$ which contains the empty set, and is stable by countable union and complementation. In particular, the set of subsets is a natural $\sigma$-algebra for any countable set. A measurable space $(\Omega, \sigma)$ is a set with a $\sigma$-algebra on it. A probability is a function $P$ from a $\sigma$-algebra to $[0,1]$, which is countably additive, and such that $P(\Omega) = 1$. A triplet $(\Omega, \sigma, P)$ is called a probability space. For more details, see [16].

A stochastic sequence on a set $A$ is a family $(X_i)_{i \in \mathbb{N}}$ of random variables defined on some fixed probability space $(\Omega, \sigma, P)$ with values on $A$.

Definition 1 (PARS). [3] Given some countable set $S$, we note $Dist(S)$ for the set of probability distributions on $S$: $\mu \in Dist(S)$ is a function $S \to [0,1]$ that satisfies $\sum_{i \in S} \mu(i) = 1$.

A probabilistic abstract reduction system (PARS) is a pair $\mathcal{A} = (A, \to)$ consisting of a countable set $A$ and a relation $\to \subseteq A \times Dist(A)$. A state $a \in A$ with no $\mu$ such that $a \to \mu$ is said terminal.

A PARS is said deterministic if, for all $a$, there is at most one $\mu$ with $a \to \mu$. We denote $Dist(\mathcal{A})$ for the set of distributions $\mu$ with $a \to \mu$ for some $a$.




A history is a finite sequence $a_0 a_1 \cdots a_n$ of elements of the state space $A$. It is non-terminal if $a_n$ is as well. A history expresses the evolution of a PARS.

Definition 2 (Deterministic Policy). [3] A (deterministic) policy $\phi$, that can also be called a (deterministic) strategy, is a function that maps non-terminal histories to distributions in such a way that $\phi(a_0 a_1 \cdots a_n) = \mu$ is always one (of the many possible) distribution $\mu$ with $a_n \to \mu$. A history is said realizable, if for all $i < n$, if $\mu_i$ denotes $\phi(a_0 a_1 \cdots a_i)$, one has $\mu_i(a_{i+1}) > 0$.

The above definition assumes that strategies must be deterministic.

A derivation of $\mathcal{A}$ is then a stochastic sequence where the non-deterministic choices are given by some policy $\phi$, and the probabilistic choices are governed by the corresponding distributions.

Definition 3 (Derivations). [3] A derivation $\pi$ of $\mathcal{A}$ over policy $\phi$ is a stochastic sequence $\pi = (\pi_i)_{i \in \mathbb{N}}$ on the set $A \cup \{\bot\}$ (where $\bot$ is a new element: $\bot \notin A$) such that for all $n$,

• $P(\pi_{n+1} = \bot \mid \pi_n = \bot) = 1$,

• $P(\pi_{n+1} = \bot \mid \pi_n = s) = 1$ if $s \in A$ is terminal,

• $P(\pi_{n+1} = \bot \mid \pi_n = s) = 0$ if $s \in A$ is non-terminal,

• and for all $t \in A$:

$P(\pi_{n+1} = t \mid \pi_n = a_n, \pi_{n-1} = a_{n-1}, \ldots, \pi_0 = a_0) = \mu(t)$

whenever $a_0 a_1 \cdots a_n$ is a realizable non-terminal history and $\mu = \phi(a_0 a_1 \ldots a_n)$.

If a derivation is such that $\pi_n = \bot$ for some $n$, then $\pi_{n'} = \bot$ almost surely for all $n' > n$. Such a derivation is said to be terminating. If $k$ is the greatest integer for which $\pi_k \neq \bot$, then $\pi_k$ is called a normal form (of $\pi_0$). A non-terminating derivation is such that $\pi_n \in A$ ($\pi_n \neq \bot$) for all $n$.

The following definition is generalized from [4] to a class of policies $\Phi$.

Definition 4 (PAS Termination). A PARS $\mathcal{A} = (A, \to)$ will be said positively almost surely (PAS) terminating (under a class of strategies $\Phi$) if for all policies $\phi$ ($\in \Phi$), for all states $a \in A$, the mean number of reduction steps before termination under policy $\phi$ starting from $a$, denoted by $T[a, \phi]$, is finite.

Definition 5 (Probabilistic Rewrite system). [3] Given a set of terms $T(F, X)$, a probabilistic rewrite rule is an element $l \to M$ of $T(F, X) \times Dist(T(F, X))$, such that for every $r \in T(F, X)$, if $M(r) > 0$, then $Var(r) \subseteq Var(l)$.

A probabilistic rewrite system is a finite set $\mathcal{R}$ of probabilistic rewrite rules.

A probabilistic abstract reduction system $(T(F, X), \to_{\mathcal{R}})$ over the set of terms $T(F, X)$ is associated to a probabilistic rewrite system $\mathcal{R}$, where $\to_{\mathcal{R}}$ is defined as follows.

Definition 6 (Reduction relation). [3] The following PARS $(T(F, X), \to_{\mathcal{R}})$ over terms is associated to a probabilistic rewrite system $\mathcal{R}$ as follows: $t \to_{\mathcal{R}} \mu$ iff there is a rule $l \to M = (r_1 : p_1, \ldots, r_k : p_k) \in \mathcal{R}$, some position $p$ in $t$, some substitution $\sigma$, such that $t|_p = \sigma(l)$, and, for all $t'$,

$\mu(t') = \sum_{r_i,\, i \in [1..k] \,\mid\, t' = t[\sigma(r_i)]_p} M(r_i)$


For example, with the probabilistic rewrite rule $\{f(x, y) \to g(a) : 1/2 \mid y : 1/2\}$ whose right hand side denotes the distribution with value 1/2 on $g(a)$ and value 1/2 on $y$, $f(b, c)$ rewrites to $g(a)$ with probability 1/2, to $c$ with probability 1/2 and $f(b, g(a))$ rewrites to $g(a)$ with probability 1.

Innermost probabilistic rewriting consists in always apply¬ 
ing the above definition at the lowest possible positions in 
the terms to be rewritten. 
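
Definition 6 and its innermost restriction can be computed directly on ground terms. The Python code below is an added example, not code from the paper; the term encoding (tuples for applications, strings for rule variables) and all function names are assumptions of the example, and the rule is the one from the example above.

```python
from fractions import Fraction

# Assumed encoding (not from the paper): a variable is a str, an application
# is a tuple (symbol, arg_1, ..., arg_n); a constant is a 1-tuple like ("a",).
# A rule is (lhs, [(rhs, probability), ...]) with probabilities summing to 1.

def match(pattern, term, subst=None):
    """Return sigma such that sigma(pattern) == term, or None."""
    subst = dict(subst or {})
    if isinstance(pattern, str):                  # rule variable
        if subst.get(pattern, term) != term:      # repeated variable must agree
            return None
        subst[pattern] = term
        return subst
    if isinstance(term, str) or pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p_arg, t_arg in zip(pattern[1:], term[1:]):
        subst = match(p_arg, t_arg, subst)
        if subst is None:
            return None
    return subst

def substitute(subst, term):
    """Apply sigma to a term."""
    if isinstance(term, str):
        return subst.get(term, term)
    return (term[0],) + tuple(substitute(subst, arg) for arg in term[1:])

def positions(term):
    """All positions as tuples of 1-based argument indices; () is the top."""
    yield ()
    if not isinstance(term, str):
        for i, arg in enumerate(term[1:], start=1):
            for pos in positions(arg):
                yield (i,) + pos

def subterm(term, pos):
    for i in pos:
        term = term[i]            # index 0 holds the symbol, so args are 1-based
    return term

def replace(term, pos, new):
    """t[new]_pos: replace the subterm at pos by new."""
    if not pos:
        return new
    i = pos[0]
    return term[:i] + (replace(term[i], pos[1:], new),) + term[i + 1:]

def redexes(term, rules):
    """(position, rule index, sigma) for every rule instance occurring in term."""
    found = []
    for pos in positions(term):
        sub = subterm(term, pos)
        if isinstance(sub, str):
            continue
        for k, (lhs, _) in enumerate(rules):
            sigma = match(lhs, sub)
            if sigma is not None:
                found.append((pos, k, sigma))
    return found

def innermost(redex_list):
    """Keep the redexes that have no other redex strictly below them."""
    all_pos = {pos for pos, _, _ in redex_list}
    def has_redex_below(pos):
        return any(len(q) > len(pos) and q[:len(pos)] == pos for q in all_pos)
    return [r for r in redex_list if not has_redex_below(r[0])]

def step(term, rules, only_innermost=False):
    """Map each nondeterministic choice (position, rule index) to the
    distribution mu of Definition 6, given as {result term: probability}."""
    candidates = redexes(term, rules)
    if only_innermost:
        candidates = innermost(candidates)
    result = {}
    for pos, k, sigma in candidates:
        mu = {}
        for rhs, prob in rules[k][1]:
            target = replace(term, pos, substitute(sigma, rhs))
            # mu(t') sums M(r_i) over all r_i that lead to the same t'
            mu[target] = mu.get(target, Fraction(0)) + prob
        result[(pos, k)] = mu
    return result

# Constructed sample: the rule f(x, y) -> g(a) : 1/2 | y : 1/2 of the example.
a, b, c = ("a",), ("b",), ("c",)

def g(t):
    return ("g", t)

def f(s, t):
    return ("f", s, t)

RULES = [(f("x", "y"), [(g(a), Fraction(1, 2)), ("y", Fraction(1, 2))])]

if __name__ == "__main__":
    print(step(f(b, c), RULES))                              # two outcomes, 1/2 each
    print(step(f(b, g(a)), RULES))                           # outcomes merge: g(a) : 1
    print(step(f(f(b, c), c), RULES, only_innermost=True))   # only position 1 is kept
```

The keys of the returned mapping are the nondeterministic choices a policy selects among; the values are the probabilistic choices.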

A probabilistic rewrite system $\mathcal{R}$ is innermost positively almost surely (IPAS) terminating if the associated PARS is PAS terminating under the class of policies $\Phi_{inn}$ corresponding to innermost rewriting derivations.

A term $t$ on which no rule of $\mathcal{R}$ applies is said to be in normal form for $\mathcal{R}$. If such a term $t$ is on a(n) (innermost) rewriting derivation of a term $u$, then $t$ is called (innermost) normal form of $u$, and is noted $u\downarrow$. To every rewriting derivation $t_0, t_1, \ldots, t_n = t_0\downarrow$ corresponds a derivation $\pi_0, \pi_1, \ldots, \pi_n, \pi_{n+1}, \ldots$ where $\pi_i = \bot$ for $i > n$.

Thus, in other words, a RS $\mathcal{R}$ is (innermost) PAS terminating if for every $\phi$ ($\in \Phi_{inn}$) the mean length of derivations reaching a normal form is finite.

4. INDUCTIVELY PROVING POSITIVE ALMOST SURE TERMINATION

For proving that a probabilistic rewrite system on $T(F)$ is IPAS terminating, we introduce a local notion of IPAS termination on terms, and prove this property for every term of $T(F)$.

Definition 7. Let $\mathcal{R}$ be a probabilistic rewrite system on $T(F, X)$. A term $t$ of $T(F)$ is said to be IPAS terminating if for every $\phi \in \Phi_{inn}$, the mean number $T[t, \phi]$ of rewriting steps from $t$ with $\mathcal{R}$ under the strategy $\phi$ before termination is finite.

For proving that a term $t$ of $T(F)$ is IPAS terminating, we proceed by induction on $T(F)$ with a noetherian ordering $\succ$, assuming the property for every $t'$ such that $t \succ t'$. To warrant non emptiness of $T(F)$, and a basis for the induction, we assume that $F$ contains at least one constructor constant. The main intuition is to observe probabilistic rewriting derivations starting from a ground term $t \in T(F)$ which is any instance of a pattern $g(x_1, \ldots, x_m)$, for some defined function symbol $g \in \mathcal{D}$, and variables $x_1, \ldots, x_m$. Proving the property of IPAS termination on ground terms amounts to proving that every ground instance of the patterns $g(x_1, \ldots, x_m)$ is IPAS terminating.

Rewriting derivations are simulated, using a lifting mechanism, by a proof tree developed from $g(x_1, \ldots, x_m)$ on $T(F, X)$, for every $g \in \mathcal{D}$, by alternatively using two main concepts, namely narrowing and abstraction. More precisely, narrowing schematizes the rewriting possibilities of terms. Abstraction simulates the reduction of subterms in the derivations until these subterms become normal forms. It expresses the application of the induction hypothesis on these subterms: if they are IPAS terminating, with a mean number of reduction steps, they rewrite into a normal form.

The schematization of ground rewriting derivations is achieved through constraints. The nodes of the developed proof trees are composed of a current term of $T(F, X)$, and a set of ground substitutions represented by a constraint progressively built along the successive abstraction and narrowing steps. Each node in an abstract tree schematizes a set of ground terms: all ground instances of the current term, that are solutions of the constraint.

The constraint is in fact composed of two kinds of formulas: ordering constraints, set to warrant the validity of the inductive steps, and abstraction constraints combined to narrowing substitutions, which effectively define the relevant sets of ground terms.

For a term $t$ of $T(F, X)$ occurring in a proof tree issued from a reference term $t_{ref} = g(x_1, \ldots, x_m)$,

• first, the ground instances of some subterms $t|_j$ of $t$ (characterized by the constraint associated to $t$) are supposed to be IPAS terminating, by the induction hypothesis, if $\theta t_{ref} \succ \theta t|_j$ for the induction ordering $\succ$ and for every $\theta$ solution of the constraint associated to $t$. They are replaced in $t$ by abstraction variables $X_j$ representing respectively any of their normal forms, implicitly corresponding to one of the normal forms they have when rewriting under any policy $\phi \in \Phi_{inn}$. Reasoning by induction allows us to only suppose the existence of the normal forms without explicitly computing them. If the ground instances of the resulting term are IPAS terminating (either if the induction hypothesis can be applied to them, or if they can be proved IPAS terminating by other means, which we will present later), then the ground instances of the initial term are IPAS terminating. Otherwise,

• the resulting term $u = t[X_j]_{j \in \{i_1, \ldots, i_p\}}$ (where $i_1, \ldots, i_p$ are the abstraction positions in $t$) is narrowed in all possible ways into distributions $\mu$, according to the possible instances of the $X_j$. This corresponds to rewriting ground instances of $u$ (characterized by the constraint associated to $u$) according to all non-deterministic choices and all probabilistic choices. Thus, all policies $\phi \in \Phi_{inn}$ are explicitly expressed by the narrowing mechanism.

Then IPAS termination of the ground instances of $t$ is reduced to IPAS termination of the ground instances of the terms $v$ of the distributions $\mu$. Now, if $\theta t_{ref} \succ \theta v$ for every ground substitution $\theta$ that is a solution of the constraint associated to $v$, by the induction hypothesis, $\theta v$ is supposed to be IPAS terminating. Otherwise, the process is iterated on $v$, until we get a term $t'$ such that either $\theta t_{ref} \succ \theta t'$, or $\theta t'$ can be proved IPAS terminating.

This technique is inspired from the one we proposed for 
proving innermost termination of non probabilistic rewrite 
systems. 

We now introduce some concepts to formalize and auto¬ 
mate this mechanism. 

4.1 Ordering constraints 

The induction ordering is constrained along the proof by 
inequalities between terms that must be comparable, each 
time the induction hypothesis is used in the abstraction 
mechanism. 

This ordering is not defined a priori, but just has to verify inequalities of the form $t > u_1, \ldots, u_m$, accumulated along the proof, and which are called ordering constraints. Thus, for establishing the inductive termination proof, it is sufficient to decide whether ordering constraints are satisfiable.

Definition 8 (ordering constraint). An ordering constraint is a pair of terms of $T(F, X)$ noted $(t > t')$. It is said to be satisfiable if there is an ordering $\succ$, such that for every instantiation $\theta$ whose domain contains $Var(t) \cup Var(t')$, we have $\theta t \succ \theta t'$. We say that $\succ$ satisfies $(t > t')$.

A conjunction $C$ of ordering constraints is satisfiable if there is an ordering satisfying all conjuncts. The empty conjunction, always satisfied, is denoted by $\top$.

Satisfiability of a constraint conjunction $C$ of this form is undecidable. But a sufficient condition for an ordering $\succ_P$ on $T(F, X)$ to satisfy $C$ is that $t \succ_P t'$ for every constraint $t > t'$ of $C$, and $\succ_P$ is stable under substitution.

Simplification orderings fulfill such a condition. So, in practice, it is sufficient to find a simplification ordering $\succ_P$ such that $t \succ_P t'$ for every constraint $t > t'$ of $C$.

The ordering $\succ_P$, defined on $T(F, X)$, can then be seen as an extension of the induction ordering $\succ$ on $T(F)$. For convenience sake, $\succ_P$ will also be written $\succ$.

Solving ordering constraints by finding simplification orderings is a well-known problem. The simplest and automatable way to proceed is to test simple existing orderings like the subterm ordering, the Recursive Path Ordering, or the Lexicographic Path Ordering. This is often sufficient for the constraints considered here: thanks to the power of induction, they are often simpler than for termination methods directly using ordering for orienting rewrite rules.

If these simple orderings are not powerful enough, automatic solvers like Cime (see footnote 1) can provide adequate polynomial orderings.

4.2 Abstraction 

To abstract a term $t$ at positions $i_1, \ldots, i_p$, where the $t|_j$ are supposed to have a normal form $t|_j\downarrow$, we replace the $t|_j$ by abstraction variables $X_j$ representing respectively any of their possible normal forms for any policy $\phi \in \Phi_{inn}$. Let us define these special variables more formally.

Definition 9. Let $\mathcal{N}$ be a set of variables disjoint from $X$. Symbols of $\mathcal{N}$ are called abstraction variables. Substitutions and instantiations are extended to $T(F, X \cup \mathcal{N})$ in the following way: for any substitution $\sigma$ (resp. instantiation $\theta$) such that $Dom(\sigma)$ (resp. $Dom(\theta)$) contains a variable $X \in \mathcal{N}$, $\sigma X$ (resp. $\theta X$) is in innermost normal form.

Definition 10 (term abstraction). The term $t[t|_j]_{j \in \{i_1, \ldots, i_p\}}$ is said to be abstracted into the term $u$ (called abstraction of $t$) at positions $\{i_1, \ldots, i_p\}$ iff $u = t[X_j]_{j \in \{i_1, \ldots, i_p\}}$, where the $X_j$, $j \in \{i_1, \ldots, i_p\}$ are fresh distinct abstraction variables.

Termination on $T(F)$ is in fact proved by reasoning on terms with abstraction variables, i.e. on terms of $T(F, X \cup \mathcal{N})$. Ordering constraints are extended to pairs of terms of $T(F, X \cup \mathcal{N})$. When subterms $t|_j$ are abstracted by $X_j$, we state constraints on abstraction variables, called abstraction constraints, to express that their instances can only be normal forms of the corresponding instances of $t|_j$. Initially, they are of the form $t\downarrow = X$ where $t \in T(F, X \cup \mathcal{N})$, and $X \in \mathcal{N}$, but we will see later how they are combined with the substitutions used for the narrowing process.

4.3 Narrowing 

After abstracting the current term $t$ into $t[X_j]_{j \in \{i_1, \ldots, i_p\}}$, we test whether the possible ground instances of $t[X_j]_{j \in \{i_1, \ldots, i_p\}}$ are reducible, according to the possible values of the instances of the $X_j$. This is achieved by innermost narrowing.

1 Available at http://cime.lri.fr/

To schematize innermost rewriting on ground terms, we need to refine the usual notion of narrowing. In fact, with the usual innermost narrowing relation, if a position $p$ in a term $t$ is a narrowing position, no suffix position of $p$ can be a narrowing position as well. However, if we consider ground instances of $t$, we can have rewriting positions $p$ for some instances, and $p'$ for other instances, such that $p'$ is a suffix of $p$. So, when using the narrowing relation to schematize innermost rewriting of ground instances of $t$, the narrowing positions $p$ to consider depend on a set of ground instances of $t$, which is defined by excluding the ground instances of $t$ that would be narrowable at some suffix position of $p$. For instance, with the RS $\mathcal{R} = \{g(a) \to a,\ f(g(x)) \to b\}$, the innermost narrowing positions of the term $f(g(X))$ are 1 with the narrowing substitution $\sigma = (X = a)$, and $\epsilon$ with any $\sigma$ such that $\sigma X \neq a$.

Let $\sigma$ be a substitution on $T(F, X \cup \mathcal{N})$. In the following, we identify $\sigma$ with the equality formula $\bigwedge_i (x_i = t_i)$, with $x_i \in X \cup \mathcal{N}$, $t_i \in T(F, X \cup \mathcal{N})$. Similarly, we call negation $\bar{\sigma}$ of the substitution $\sigma$ the formula $\bigvee_i (x_i \neq t_i)$.

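Definition 11. A substitution $\sigma$ is said to satisfy a constraint $\bigwedge_j \bigvee_{i_j} (x_{i_j} \neq t_{i_j})$, iff for every ground instantiation $\theta$, $\bigwedge_j \bigvee_{i_j} (\theta\sigma x_{i_j} \neq \theta\sigma t_{i_j})$. A constrained substitution $\sigma$ is a formula $\sigma_0 \wedge \bigwedge_j \bigvee_{i_j} (x_{i_j} \neq t_{i_j})$, where $\sigma_0$ is a substitution, and $\bigwedge_j \bigvee_{i_j} (x_{i_j} \neq t_{i_j})$ the constraint to be satisfied by $\sigma_0$.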

Definition 12 (inner. proba. narrowing). A term $t \in T(F, X \cup \mathcal{N})$ innermost narrows into a distribution $\mu$ at the non-variable position $p$, using the rule $l \to M = (r_1 : p_1, \ldots, r_k : p_k) \in \mathcal{R}$ with the constrained substitution $\sigma = \sigma_0 \wedge \bigwedge_{h \in [1..m]} \bar{\sigma}_h$, which is written $t \leadsto \mu = (v_1 : p'_1, \ldots, v_q : p'_q)$ iff

• $\sigma_0(l) = \sigma_0(t|_p)$

• for all $v_j$, $j \in [1..q]$, $v_j = \sigma_0(t[r_i]_p)$ for some $i \in [1..k]$

• $\mu(v_j) = p'_j = \sum_{r_i,\, i \in [1..k] \,\mid\, v_j = \sigma_0(t[r_i]_p)} M(r_i)$

where $\sigma_0$ is the most general unifier of $t$ and $l$ at position $p$, and $\sigma_h$, $h \in [1..m]$ are all the most general unifiers of $\sigma_0 t$ and a left-hand side of rule of $\mathcal{R}$, at suffix positions of $p$.

Notice that we are interested in the narrowing substitution 
applied to the current term t, but not in its definition on the 
variables of the left-hand side of the rule. So, the narrowing 
substitutions we consider are restricted to the variables of 
the narrowed term t. 

4.4 Cumulating constraints 

Abstraction constraints have to be combined with the narrowing substitutions to characterize the ground terms schematized by the current term $t$ in the proof tree. Indeed, a narrowing branch on the current term $u$ with narrowing substitution $\sigma$ represents a rewriting branch for any ground instance of $\sigma u$.

In addition, $\sigma$ has to satisfy the constraints on variables of $u$, already set in $A$. So, $\sigma$, considered as the narrowing constraint attached to the narrowing branch, is added to $A$. This leads to the introduction of abstraction constraint formulas.


Definition 13. An abstraction constrained formula (ACF in short) is a formula $\bigwedge_i (t_i\downarrow = t'_i) \wedge \bigwedge_j (x_j = u_j)$, where $x_j \in X \cup \mathcal{N}$, $t_i, t'_i, u_j \in T(F, X \cup \mathcal{N})$.

Definition 14. An abstraction constrained formula $A = \bigwedge_i (t_i\downarrow = t'_i) \wedge \bigwedge_j (x_j = u_j)$ is satisfiable iff there is at least one instantiation $\theta$ such that $\bigwedge_i (\theta t_i\downarrow = \theta t'_i) \wedge \bigwedge_j (\theta x_j = \theta u_j)$. The instantiation $\theta$ is then said to satisfy the ACF $A$ and is called solution of $A$.

For a better readability on examples, we can propagate $\sigma$ into $A$ (by applying $\sigma$ to $A$), thus getting instantiated abstraction constraints of the form $t_i\downarrow = t'_i$ from initial abstraction constraints of the form $t_i\downarrow = X_i$.

An ACF $A$ is attached to each term $u$ in the proof trees; the ground substitutions solutions of $A$ define the instances of the current term $u$, for which we are observing IPAS termination. When $A$ has no solution, the current node of the proof tree represents no ground term. Such nodes are then irrelevant for the proof. Detecting and suppressing them during a narrowing step allows us to control the narrowing mechanism, well known to easily diverge. So, we have the choice between generating only the relevant nodes of the proof tree, by testing the satisfiability of $A$ at each step, or stopping the proof on a branch on an irrelevant node, by testing the unsatisfiability of $A$.

Checking the satisfiability of $A$ is in general undecidable, but it is often easy in practice to exhibit an instantiation satisfying it. Automatable sufficient conditions are also under study. The unsatisfiability of $A$ is also undecidable in general, but simple automatable sufficient conditions can be used [13], as to test whether $A$ contains equalities $t\downarrow = u$, where $u$ is reducible. In the following, we present the procedure exactly simulating the rewriting trees, i.e. dealing with the satisfiability of $A$.

5. THE ALGORITHM 

We are now ready to describe the inference rules defining our mechanism. They transform a set $T$ of 3-tuples $(U, A, C)$ where $U = \{t\}$ or $\emptyset$, $t$ is the current term whose ground instances have to be proved IPAS terminating, $A$ is an abstraction constraint formula, $C$ is a conjunction of ordering constraints.

• The first rule abstracts the current term $t$ at given positions $i_1, \ldots, i_p$ into $t[X_j]_{j \in \{i_1, \ldots, i_p\}}$. The constraint $\bigwedge_{j \in \{i_1, \ldots, i_p\}} t_{ref} > t|_j$ is set in $C$. We do not need to associate any probability to the resulting term. The abstraction constraint $\bigwedge_{j \in \{i_1, \ldots, i_p\}} t|_j\downarrow = X_j$ is added to the ACF $A$. We call this rule Abstract.

The abstraction positions are chosen so that the abstraction mechanism captures the greatest possible number of rewriting steps: then we abstract all of the greatest possible subterms of $t = f(t_1, \ldots, t_m)$. More concretely, we try to abstract $t_1, \ldots, t_m$ and, for each $t_i = g(t'_1, \ldots, t'_n)$ that cannot be abstracted, we try to abstract $t'_1, \ldots, t'_n$, and so on. In the worst case, we are driven to abstract leaves of the term, which are either variables, or constants.

Note also that it is not useful to abstract non narrowable subterms of $T(F, \mathcal{N})$. Indeed, by Definition 9, every ground instance of such subterms is in normal form.



• The second rule narrows the resulting term $u$, if it is not a term of $T(\mathcal{C}, \mathcal{N})$, in all possible ways in one step, with all possible rewrite rules of the rewrite system $\mathcal{R}$, and all possible substitutions, into distributions $\mu_1, \ldots, \mu_n$, according to Definition 12. This step is a branching step, creating $q_1 + \ldots + q_n = q'$ states, where $q_i$, $i \in [1..n]$ is the number of terms (with probability > 0) in the distribution $\mu_i$. The substitution $\sigma$ is integrated to $A$. This is the Narrow rule.

For example, if $\mathcal{R}$ is $\{f(x) \to g(x) : 1/2 \mid h(x) : 1/2,\ f(a) \to a : 1/10 \mid b : 9/10\}$ then the state $(\{f(X)\}, A, C)$ generates the states $(\{g(X) : 1/2\}, A \wedge \sigma_1, C)$, $(\{h(X) : 1/2\}, A \wedge \sigma_1, C)$, $(\{a : 1/10\}, A \wedge \sigma_2, C)$, $(\{b : 9/10\}, A \wedge \sigma_2, C)$ with the respective associated narrowing substitutions $\sigma_1 = Id$, $\sigma_1 = Id$, $\sigma_2 = (X = a)$, $\sigma_2 = (X = a)$.

• We finally have a Stop rule halting the proof process on the current branch of the proof tree, when the ground instances of the current term can be stated as IPAS terminating. This happens when the whole current term $u$ can be abstracted, i.e. when the induction hypothesis is applied to it, or when $u \in T(F, \mathcal{N})$ and is not narrowable.

Let us note that the inductive reasoning can be completed as follows. When the induction hypothesis cannot be applied to a term $u$, it may be possible to prove IPAS termination of every ground instance of $u$ in another way. Let $IPAST(u)$ be a predicate that is true iff every ground instance of $u$ is IPAS terminating. In the previous first and third steps of the inductive reasoning, we then associate the alternative predicate $IPAST(u)$ to the condition $t > u$. It is true in particular when $u \in T(F, \mathcal{N})$ and is not narrowable, as said above. Otherwise, we can use the notion of usable rule, as in [13].

The rules are given in Table 1. They use a reference term $t_{ref} = g(x_1, \ldots, x_m)$, where $x_1, \ldots, x_m \in \mathcal{X}$ and $g \in \mathcal{D}$ (if $g$ is a constant, then $t_{ref} = g$). Note that, when a rule applies to a state, the current term has an associated probability if it has been generated by Narrow, and does not have any if it has been generated by Abstract. Hence the notation $\{t\,(: p)\}$ in Table 1.

We generate the proof trees of $\mathcal{R}$ by applying, for each defined symbol $g \in \mathcal{D}$, the inference rules using the reference term $t_{ref} = g(x_1, \ldots, x_m)$ on the initial set of 3-tuples $\{(\{t_{ref} = g(x_1, \ldots, x_m)\}, \top, \top)\}$, with a specific strategy $S$, repeating the following steps: first, apply Abstract, and then try Stop. Then try all possible applications of Narrow. Then, try Stop again.

Let us clarify that if $A$ is satisfiable, the transformed forms of $A$ by Abstract and Stop are also satisfiable. Moreover, the first application of Abstract generates $A = (\bigwedge_i x_i{\downarrow} = X_i)$, always satisfied by the constructor constant supposed to exist in $\mathcal{F}$. Thus, with strategy $S$, it is useless to prove the satisfiability of $A$ in the Abstract and Stop rules.

The process may not terminate if there is an infinite num¬ 
ber of applications of Abstract and Narrow on the same 
branch of a proof tree. Nothing can be said in that case 
about termination. The process stops if no inference rule 
applies anymore. Then, when all branches of the proof trees 
end with an application of Stop, IPAS termination is estab¬ 
lished. 


Given a proof tree, to every policy $\phi$ is associated a deterministic subtree of the proof tree, called $\phi$-deterministic subtree of the proof tree, expressing only probabilistic choices. In practice, it is obtained by only considering, at every branching node, the branches corresponding to a same probabilistic narrowing step, for a given position and a given rule.

A finite proof tree or one of its subtrees is said to be successful if its leaves are states of the form $(\emptyset, A, C)$. We write $SUCCESS(g, \succ)$ if the application of $S$ on $(\{g(x_1, \ldots, x_m)\}, \top, \top)$ gives a successful proof tree, whose sets $C$ of ordering constraints are satisfied by the same ordering $\succ$.


Proposition 1. Let $\mathcal{R}$ be a probabilistic rewrite system on $T(\mathcal{F},\mathcal{X})$ having at least one constructor constant. If there is a noetherian ordering $\succ$ such that for each symbol $g \in \mathcal{D}$, we have $SUCCESS(g, \succ)$, then every term of $T(\mathcal{F})$ is IPAS terminating.


In the proof of Proposition 1, the information given by probabilities is not used. This means that for RS's whose proof trees are finite, our method works as in the non probabilistic case. This corroborates (and gives a formal proof of) the fact that if we remove the probabilities in a given RS, and replace the probabilistic choice by an undeterministic choice, innermost termination of the resulting RS implies IPAS termination of the initial probabilistic system. So the probabilistic extension of our inductive approach is of real interest for systems whose IPAS termination is due to a probabilistic argument on infinite rewriting chains. We investigate this case in the next section.


Example 1. The following RS

$f(0, 1, x) \rightarrow f(x, x, x) : 1$
$g(x, y) \rightarrow x : 1/10 \mid y : 9/10$

whose non probabilistic transformation:

$f(0, 1, x) \rightarrow f(x, x, x)$
$g(x, y) \rightarrow x$
$g(x, y) \rightarrow y$

is well known to be innermost terminating, illustrates the above purpose.

Let us develop nevertheless the IPAS termination proof on the probabilistic RS to show how our technique works. The defined symbols of $\mathcal{R}$ are here $f$ and $g$. Applying the rules on $f(x_1, x_2, x_3)$, we get:



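Table 1: Inference rules for IPAS-termination

Abstract:

$$\frac{\{t\},\ A,\ C}{\{u\},\ \ A \wedge \bigwedge_{j \in \{i_1, \ldots, i_p\}} t|_j{\downarrow} = X_j,\ \ C \wedge \bigwedge_{j \in \{i_1, \ldots, i_p\}} H_C(t|_j)}$$

where $t$ is abstracted into $u$ at positions $i_1, \ldots, i_p \neq \epsilon$
if $C \wedge H_C(t|_{i_1}) \ldots \wedge H_C(t|_{i_p})$ is satisfiable

Narrow:

$$\frac{\{t\,(: p)\},\ A,\ C}{\{v_i : p_i\},\ A \wedge \sigma,\ C} \quad \text{where } i \in [1..q]$$

if $t \leadsto^{Inn}_{\sigma} \mu = (v_1 : p_1 \ldots v_q : p_q)$ and $A \wedge \sigma$ is satisfiable

Stop:

$$\frac{\{t\,(: p)\},\ A,\ C}{\emptyset,\ A \wedge H_A(t),\ C \wedge H_C(t)}$$

if $(C \wedge H_C(t))$ is satisfiable.

and

$H_A(t) = \top$ if $t$ is in $T(\mathcal{F},\mathcal{N})$ and is not narrowable, $t{\downarrow} = X$ otherwise.

$H_C(t) = \top$ if $IPAST(t)$, $t_{ref} > t$ otherwise.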


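$t_{ref} = f(x_1, x_2, x_3)$
$A = \top$
$C = \top$

↓ Abstract

$f(X_1, X_2, X_3)$
$A = (x_1{\downarrow} = X_1 \wedge x_2{\downarrow} = X_2 \wedge x_3{\downarrow} = X_3)$
$C = (f(x_1, x_2, x_3) > x_1, x_2, x_3)$

↓ Narrow, $\sigma = (X_1 = 0 \wedge X_2 = 1)$

$f(X_3, X_3, X_3) : 1$
$A = (x_1{\downarrow} = 0 \wedge x_2{\downarrow} = 1 \wedge x_3{\downarrow} = X_3)$
$C = (f(x_1, x_2, x_3) > x_1, x_2, x_3)$

↓ Stop

$\emptyset$
$A = (x_1{\downarrow} = X_1 \wedge x_2{\downarrow} = X_2 \wedge x_3{\downarrow} = X_3)$
$C = (f(x_1, x_2, x_3) > x_1, x_2, x_3)$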

Abstract applies since $f(x_1, x_2, x_3) > x_1, x_2, x_3$ is satisfiable by any simplification ordering.

Narrow applies because $A \wedge \sigma = (x_1{\downarrow} = 0 \wedge x_2{\downarrow} = 1 \wedge x_3{\downarrow} = X_3)$, where $\sigma = (X_1 = 0 \wedge X_2 = 1)$, is satisfiable by any ground instantiation $\theta$ such that $\theta x_1 = 0$, $\theta x_2 = 1$ and $\theta x_3 = \theta X_3 = 0$.

Then Stop applies because $f(X_3, X_3, X_3)$ is a non narrowable term whose all variables are abstraction variables, and hence we have $IPAST(f(X_3, X_3, X_3))$.

Considering now $g(x_1, x_2)$, we get the proof tree in Table 2.

Abstract applies since $g(x_1, x_2) > x_1, x_2$ is satisfiable by any simplification ordering.

Narrow applies because $A \wedge \sigma = (x_1{\downarrow} = X_1 \wedge x_2{\downarrow} = X_2)$, where $\sigma = Id$, is satisfiable by any ground instantiation $\theta$ such that $\theta x_1 = \theta X_1 = 0$ and $\theta x_2 = \theta X_2 = 0$.

Then Stop applies on both branches because $X_1$ and $X_2$ are abstraction variables, hence we trivially have $IPAST(X_1)$ and $IPAST(X_2)$.

6. ONE STEP FURTHER: CONSIDERING 
INFINITE PROOF TREES 

Consider the following RS $\mathcal{R}$, which is IPAS terminating, but not terminating.

Example 2. $\{a \rightarrow a : 1/2 \mid b : 1/2\}$.

Here, innermost termination is equivalent to termination since we only have constants.

The only defined symbol of $\mathcal{R}$ is $a$. So the previous algorithm generates the unique following proof tree:


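[Proof tree of $a$ in Example 2: the root is $t_{ref} = a$ with $A = \top$, $C = \top$. Each Narrow step on $a$ gives the two states $a : 1/2$ and $b : 1/2$, both with $A = \top$, $C = \top$. Stop applies on each state $b : 1/2$, and Narrow applies again on each state $a : 1/2$, so that the branch of the states $a : 1/2$ goes on indefinitely.]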


The first branch of this proof tree is infinite. Thanks to the lifting mechanism (obvious here since terms are constants), it represents the infinite rewriting branch of the derivation tree starting from $a$. All other possible branches are finite. If we now consider the narrowing steps with the probabilities defined by the rule used, we observe that the infinite branch has the probability $1/2 * 1/2 * 1/2 \ldots = 0$. But for every possible ground term represented by $t_{ref}$ (here, the only constant $a$), there is at least one finite branch. Then, by definition of IPAS termination, $a$ is IPAS terminating. Let us now generalize and formalize this reasoning.

Table 2: Proof tree of the symbol $g$ in Example 1

$t_{ref} = g(x_1, x_2)$
$A = \top$
$C = \top$

↓ Abstract

$g(X_1, X_2)$
$A = (x_1{\downarrow} = X_1 \wedge x_2{\downarrow} = X_2)$
$C = (g(x_1, x_2) > x_1, x_2)$

↓ Narrow (two branches)

Left branch: $X_1 : 1/10$, with $A = (x_1{\downarrow} = X_1 \wedge x_2{\downarrow} = X_2)$ and $C = (g(x_1, x_2) > x_1, x_2)$; then Stop gives $\emptyset$ with the same $A$ and $C$.

Right branch: $X_2 : 9/10$, with $A = (x_1{\downarrow} = X_1 \wedge x_2{\downarrow} = X_2)$ and $C = (g(x_1, x_2) > x_1, x_2)$; then Stop gives $\emptyset$ with the same $A$ and $C$.

Definition 15. A proof tree, whose root state is noted $s_0$, is said infinitely successful if for every policy $\phi$ the $\phi$-deterministic subtree of the proof tree either is successful or fulfills the following conditions:

• there is one branch starting from $s_0$ with two states $s_m$ and $s_n$ such that $s_n = s_m$,

• the states $s_i = (\{t_i : p_i\}, A_i, C_i)$ on this branch between $s_m$ and $s_n$ are such that $A_i = A_m$ and $C_i = C_m$,

• every state on this branch from $s_0$ until $s_{n-1}$ has only brother states that are roots of successful subtrees.

Note that this definition subsumes the previous definition of successful proof tree given in Section 5. Note also that it implies that the sequence $s_m, \ldots, s_n$ defines a cycle. Indeed, strategy $S$ applies the inference rules in the same way on two equal states. Moreover, the cycle is unique because of the third condition of the definition.

We write $I\text{-}SUCCESS(g, \succ)$ if the application of $S$ on $(\{t_{ref} = g(x_1, \ldots, x_m)\}, \top, \top)$ gives an infinitely successful proof tree, whose sets $C$ of ordering constraints are satisfied by the same ordering $\succ$.

Theorem 1. Let $\mathcal{R}$ be a probabilistic rewrite system on $T(\mathcal{F},\mathcal{X})$ having at least one constructor constant. If there is a noetherian ordering $\succ$ such that

• for each symbol $g \in \mathcal{D}$, we have $I\text{-}SUCCESS(g, \succ)$,

• for the cycle ($s_i = (\{t_i : p_i\}, A_m, C_m), i \in [m..n]$ with $s_n = s_m$), if it exists, of every $\phi$-deterministic proof subtree of the proof trees, there is $i$ such that $p_i < 1$,

then every term of $T(\mathcal{F})$ is IPAS terminating.

Consider now the branch from $s_0$ to $s_n$ in Definition 15. We observe that if $A$ and $C$ do not change between $s_m$ and $s_n$, then the Abstract rule has not been applied between the two states. Only the Narrow rule has been applied and with narrowing substitutions equal to $Id$ (up to a variable renaming) on the given branch.

The following proposition defines a class of RS’s fulfilling 
the above conditions on Abstract and Narrow. 

Proposition 2. Let $\mathcal{R}$ be a RS. If the possible cycles in the $\phi$-deterministic proof subtrees of the proof trees of $\mathcal{R}$ are such that:

• the first term of the cycle is of the form $f(x_1, \ldots, x_m)$ where the $x_i$ are either variables or constructor constants, and $f$ can be a constant,

• the successive rewrite rules of $\mathcal{R}$ used in the $k$ Narrow steps of the cycle are of the form

$f_j(x^j_1, \ldots, x^j_{m_j}) \rightarrow M_j = |_{i_j}\, t_{i_j} : p_{i_j},\ j \in [1..k]$

where $x^j_1, \ldots, x^j_{m_j}$ are also either variables or constructor constants, and the $f_j$ can be constants,

• $f_1(x^1_1, \ldots, x^1_{m_1}) = f(x_1, \ldots, x_m)$

• for $j \in [1..k-1]$, the term $t_{i_j}$, for some $i_j$, generated by the rule $f_j(x^j_1, \ldots, x^j_{m_j}) \rightarrow M_j = |_{i_j}\, t_{i_j} : p_{i_j}$ on the branch of the cycle is equal to $f_{j+1}(x^{j+1}_1, \ldots, x^{j+1}_{m_{j+1}})$ (if $k = 1$, this condition is void),

• the term $t_{i_k}$, for some $i_k$, generated by the rule $f_k(x^k_1, \ldots, x^k_{m_k}) \rightarrow M_k = |_{i_k}\, t_{i_k} : p_{i_k}$ on the branch of the cycle is equal to $f(x_1, \ldots, x_m)$.

then, the only inference rule applied in the steps of the cycles is Narrow, and with narrowing substitutions equal to $Id$.

An important subclass of this class is the class A of RS’s 
on constants, like the RS of the previous example, whose 
(I)PAS termination can now be proved. 

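Thanks to Theorem 1, the proof tree just has to be developed as follows. The branch having a cycle is stopped as soon as the cycle is detected, i.e. when a same state arises twice on the branch.

[Proof tree of $a$ in Example 2, stopped at the cycle: the root is $t_{ref} = a$ with $A = \top$, $C = \top$. Narrow gives the two states $a : 1/2$ and $b : 1/2$, both with $A = \top$, $C = \top$. The branch of $a : 1/2$ is stopped there, and Stop applies on $b : 1/2$, giving $\emptyset$.]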


Another important subclass of this class is the class B of RS's of the form

$\{f_j(x^j_1, \ldots, x^j_{m_j}) \rightarrow M_j = |_{i_j}\, t_{i_j} : p_{i_j},\ j \in [1..k]\}$

where

• $x^j_1, \ldots, x^j_{m_j}$ are either variables or constructor constants, and the $f_j$ can be constants,

• for each $j \in [1..k]$, at most one $t_{i_j}$ is a left-hand side of rule $f_l(x^l_1, \ldots, x^l_{m_l})$ for some $l \in [1..k]$, and the other $t_{i_j}$ of $M_j$ are not narrowable.

For this class, it can even be proved that all proof trees are infinitely successful (with any simplification ordering).

Proposition 3. Let $\mathcal{R} \in$ B. Then every proof tree of $\mathcal{R}$ is infinitely successful.

If in addition, for every rule, at least one of the $t_{i_j}$ of $M_j$ is not narrowable, the second condition of Theorem 1 is fulfilled, hence the following result.

Corollary 1. Let $\mathcal{R} \in$ B. If every rule of $\mathcal{R}$ has at least a non narrowable term in the distribution of its right-hand side, then $\mathcal{R}$ is IPAS terminating.

The previous example can also be proved (I)PAS terminating directly using Corollary 1.

This is not the case for the following RS, in the class A but not in B, that requires to develop the proof trees.

Example 3. The RS $\{a \rightarrow a : 1/4 \mid c : 3/4,\ b \rightarrow a : 1/4 \mid b : 3/4\}$ is (I)PAS terminating. The proof trees are:

[First proof tree: the root is $t_{ref} = a$. Narrow gives the two states $a : 1/4$ and $c : 3/4$. Stop applies on $c : 3/4$, giving $\emptyset$.]

[Second proof tree: the root is $t_{ref} = b$. Narrow gives the two states $a : 1/4$ and $b : 3/4$. Stop applies on $a : 1/4$, giving $\emptyset$.]

In the second proof tree, Stop applies on $a$ because $a$ can be supposed to be (I)PAST by setting $b > a$ for any noetherian ordering on constant terms.

Note that on such an example, where the inductive principle is crucial, the real interpretation technique of [3, 4] is very hard to apply. Because this technique involves arguments that are local to one rule, and are not modular w.r.t. rules, this is also the case for examples where the cycle is generated by more than one rule like $\{a \rightarrow c : 1,\ c \rightarrow a : 1/2 \mid b : 1/2\}$, and that we easily handle.

Example 4. The two proof trees for $\{a \rightarrow c : 1,\ c \rightarrow a : 1/2 \mid b : 1/2\}$ are:

[First proof tree: the root is $t_{ref} = a$. Narrow gives $c : 1$. Narrow on $c$ gives the two states $a : 1/2$ and $b : 1/2$. Stop applies on $b : 1/2$.]

[Second proof tree: the root is $t_{ref} = c$. Narrow gives the two states $a : 1/2$ and $b : 1/2$. Stop applies on $b : 1/2$, and Narrow with $\sigma = Id$ on $a : 1/2$ gives $c : 1$.]


Example 5. Consider the RS $\{f(0, 1, x) \rightarrow f(0, 1, x) : 1/2 \mid f(x, x, x) : 1/2,\ g(x, y) \rightarrow x : 1/10 \mid y : 9/10\}$.

The proof tree of $g$ is the same as in Example 1. The proof tree of $f$ is given in Table 3.

Example 6. The following example involves constrained substitutions:

$\{f(g(x)) \rightarrow g(a) : 1/2 \mid c : 1/2,\ g(a) \rightarrow g(a) : 1/2 \mid c : 1/2\}$.

The proof tree of $f$ is given in Table 4.

The proof tree of $g$ is similar.

Table 3: Proof tree of the symbol $f$ in Example 5

$t_{ref} = f(x_1, x_2, x_3)$
$A_0 = \top$, $C_0 = \top$

↓ Abstract

$f(X_1, X_2, X_3)$
$A_1 = (x_1{\downarrow} = X_1, x_2{\downarrow} = X_2, x_3{\downarrow} = X_3)$
$C_1 = (f(x_1, x_2, x_3) > x_1, x_2, x_3)$

…

↓ Stop

$\emptyset$

Table 4: Proof tree of the symbol $f$ in Example 6

$t_{ref} = f(x)$
$A_0 = \top$, $C_0 = \top$

↓ Abstract

$f(X)$
$A_1 = (x{\downarrow} = X)$
$C_1 = (f(x) > x)$

↓ Narrow, $\sigma = (X = g(X') \wedge X' \neq a)$ (two branches)

First branch: $g(a) : 1/2$, with $A_2 = (x{\downarrow} = X \wedge X = g(X') \wedge X' \neq a)$ and $C_1$; then Narrow with $\sigma = Id$ gives $g(a) : 1/2$ with $A_2$, $C_1$, and a state on which Stop applies, giving $\emptyset$.

Second branch: $c : 1/2$, with $A_2$, $C_1$; then Stop gives $\emptyset$.

7. CONCLUSION

In this paper, we have studied the termination problem of probabilistic rewrite systems. We have adapted the inductive technique, which we had proposed for termination of rewriting under strategies, to the probabilistic case. It consists in generating proof trees modelizing rewriting trees on ground terms, by alternatively applying abstracting and narrowing steps. As a non-probabilistic RS can be seen as a probabilistic RS whose right-hand sides only have distributions with a unique term of probability 1, the theorem given here subsumes the results given in [10, 13] for termination under the innermost strategy.

We have also given a class of RS's for which this generalization is of interest. An interesting subclass of this class is composed by the RS's on constants, like the first three examples of Section 6. Indeed, constants can modelize states of automata used for expressing protocols, and it often happens that probabilistic protocols regularly fall in the same state when they evolve. It can then be crucial to prove that such cycling situations have a null probability of occurring. Our technique allows it to happen.

In a more general way, our application area can seem limited, because of the restricted form of the rules in cycles we tackle at the moment, but most randomized algorithms [24] or telecommunication protocols (e.g. CSMA-CA protocol [6]) based on probabilistic arguments rely on very simple arguments involving very simple probabilistic rewrite rules. The reasoning for these rules, however, is often difficult to do [24]. This paper provides a way to do inductive reasoning for probabilistic systems. As far as we know, there have not been many investigations on this subject.

Moreover, the completeness results of [3, 4], based on real 
interpretations, are nice from a theoretical point of view, 
but not constructive, and no algorithmic help exists yet, to 
exhibit ad-hoc interpretations. 

To the contrary, our method is operational. Detecting a cycle as specified in Definition 15 is automatable. As said before, for our approach, there are sufficient conditions for testing the unsatisfiability of $A$, and $C$ is often easy to satisfy. In the interesting case of RS's on constants, $A = C = \top$, and the method is completely automatable.
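The automatable case just named, as an added example in Python (not code from the paper or its authors): it develops the proof tree of each defined constant with the Narrow and Stop steps, then checks Definition 15 and the cycle condition of Theorem 1. It assumes at most one rule per constant, identifies a state by its constant as the shortened proof trees of Section 6 do, and takes the ordering as a hypothetical `rank` mapping supplied by the caller; all function names are this example's own.

```python
from fractions import Fraction

def normalize(rules):
    """Convert probabilities to Fractions and check every right-hand side."""
    out = {}
    for lhs, dist in rules.items():
        dist = [(t, Fraction(p)) for t, p in dist]
        if any(p <= 0 for _, p in dist) or sum(p for _, p in dist) != 1:
            raise ValueError(f"right-hand side of {lhs!r} is not a distribution")
        out[lhs] = dist
    return out

def develop(rules, rank, tref, term, prob, branch):
    """Develop the state (term : prob) below the ancestor states in `branch`.

    Returns ('success', None) for a finite successful subtree,
    ('cycle', [p_i of the states on the cycle]) when exactly one branch cycles,
    or ('fail', reason) when Definition 15 cannot hold.
    """
    if term not in rules:
        return ("success", None)          # Stop: term is not narrowable
    if branch and rank.get(tref, 0) > rank.get(term, 0):
        return ("success", None)          # Stop: induction hypothesis, tref > term
    seen = [t for t, _ in branch]
    if term in seen:                      # same state twice on the branch: s_n = s_m
        m = seen.index(term)
        return ("cycle", [p for _, p in branch[m + 1:]] + [prob])
    # Narrow: one child state per term of the distribution (A = C = T on constants)
    results = [develop(rules, rank, tref, t, p, branch + [(term, prob)])
               for t, p in rules[term]]
    failures = [r for r in results if r[0] == "fail"]
    if failures:
        return failures[0]
    cycles = [r for r in results if r[0] == "cycle"]
    if len(cycles) > 1:
        # brother states of the cycling branch must root successful subtrees
        return ("fail", f"two cycling branches below {term!r}")
    return cycles[0] if cycles else ("success", None)

def check_symbol(rules, rank, g):
    """Proof tree of the defined constant g, with the second condition of Theorem 1."""
    rules = normalize(rules)
    status, info = develop(rules, rank, g, g, None, [])
    if status == "cycle" and not any(p < 1 for p in info):
        return ("fail", "every step of the cycle has probability 1")
    return (status, info)

def ipas_terminating(rules, rank=None):
    """True when every defined constant has an accepted proof tree under `rank`."""
    rank = rank or {}
    return all(check_symbol(rules, rank, g)[0] != "fail" for g in normalize(rules))

# Examples 2, 3 and 4 of Section 6, plus a constructed system cycling with probability 1.
EX2 = {"a": [("a", "1/2"), ("b", "1/2")]}
EX3 = {"a": [("a", "1/4"), ("c", "3/4")], "b": [("a", "1/4"), ("b", "3/4")]}
EX4 = {"a": [("c", "1")], "c": [("a", "1/2"), ("b", "1/2")]}
LOOP = {"a": [("a", "1")]}  # constructed

if __name__ == "__main__":
    print("Example 2:", ipas_terminating(EX2))
    print("Example 3, no ordering:", ipas_terminating(EX3))
    print("Example 3, b > a:", ipas_terminating(EX3, rank={"b": 1, "a": 0}))
    print("Example 4:", ipas_terminating(EX4))
    print("a -> a : 1:", ipas_terminating(LOOP))
```

A `False` result only means that no accepted proof tree was found under the given `rank`; as the paper notes for non-terminating developments, nothing can then be said about termination.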

Finally, note the important fact that, if $\mathcal{R}$ is deterministic, innermost derivations are equivalent to standard derivations. So, our proof technique also establishes PAS termination of $\mathcal{R}$ for the standard strategy.

We now plan to generalize our theorem using infinite proof 
trees on a larger class of systems, and to investigate other 
techniques to ensure PAS termination. 
APPENDIX

This appendix contains the proof of the propositions 
and of the theorem. 

A. THE LIFTING LEMMA 

For the proof of Proposition 1, we need the following lifting lemma, which is a generalization to the probabilistic case of the innermost instance of the lifting lemma given in [13].

Lemma 1 (Proba. Innermost Lifting Lemma). Let $\mathcal{R}$ be a probabilistic rewrite system. Let $s \in T(\mathcal{F},\mathcal{X})$, $\alpha$ a normalized ground substitution, and $\mathcal{Y} \subseteq \mathcal{X}$ a set of variables such that $Var(s) \cup Dom(\alpha) \subseteq \mathcal{Y}$. If $\alpha s \rightarrow^{Inn}_{p,\, l \rightarrow M} \nu = (t'_1 : p''_1, \ldots, t'_n : p''_n)$ with $M = (r_1 : p_1, \ldots, r_k : p_k)$, then there is a term $s' \in T(\mathcal{F},\mathcal{X})$ and substitutions $\beta$, $\sigma = \sigma_0 \wedge \bigwedge_{h \in [1..m]} \overline{\sigma_h}$ such that:

1. $s \leadsto^{Inn}_{p,\, l \rightarrow M,\, \sigma} \mu = (s'_1 : p'_1, \ldots, s'_q : p'_q)$,

2. $q = n$ and for $i \in [1..n]$, $p'_i = p''_i$,

3. for $i \in [1..n]$, $\beta s'_i = t'_i$,

4. $\beta\sigma_0 = \alpha\,[\mathcal{Y} \cup Var(l)]$,

5. $\beta$ satisfies $\bigwedge_{h \in [1..m]} \overline{\sigma_h}$.

where $\sigma_0$ is the most general unifier of $s|_p$ and $l$, and $\sigma_h, h \in [1..m]$ are all the most general unifiers of $\sigma_0 s|_{p'}$ and a left-hand side $l'$ of a rule of $\mathcal{R}$, for all suffix positions $p'$ of $p$ in $s$.

Recall the innermost instance of the lifting lemma given 
in [13], which is itself an adaptation to rewriting under 
strategies of the well-known lifting lemma of Middeldorp 
and Hamoen [23]. 

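Lemma 2 (Innermost Lifting Lemma). Let $\mathcal{R}$ be a rewrite system. Let $s \in T(\mathcal{F},\mathcal{X})$, $\alpha$ a normalized ground substitution, and $\mathcal{Y} \subseteq \mathcal{X}$ a set of variables such that $Var(s) \cup Dom(\alpha) \subseteq \mathcal{Y}$. If $\alpha s \rightarrow^{Inn}_{p,\, l \rightarrow r} t'$, then there is a term $s' \in T(\mathcal{F},\mathcal{X})$ and substitutions $\beta$, $\sigma = \sigma_0 \wedge \bigwedge_{h \in [1..m]} \overline{\sigma_h}$ such that:

1. $s \leadsto^{Inn}_{p,\, l \rightarrow r,\, \sigma} s'$,

2. $\beta s' = t'$,

3. $\beta\sigma_0 = \alpha\,[\mathcal{Y} \cup Var(l)]$,

4. $\beta$ satisfies $\bigwedge_{h \in [1..m]} \overline{\sigma_h}$.

where $\sigma_0$ is the most general unifier of $s|_p$ and $l$ and $\sigma_h, h \in [1..m]$ are all the most general unifiers of $\sigma_0 s|_{p'}$ and a left-hand side $l'$ of a rule of $\mathcal{R}$, for all positions $p'$ which are suffix positions of $p$ in $s$.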

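Proof of Lemma 1.

Let $\mathcal{R}$ be a probabilistic rewrite system. Let $s \in T(\mathcal{F},\mathcal{X})$, $\alpha$ a normalized ground substitution and $\mathcal{Y} \subseteq \mathcal{X}$ a set of variables such that $Var(s) \cup Dom(\alpha) \subseteq \mathcal{Y}$.

If $\alpha s \rightarrow^{Inn}_{p,\, l \rightarrow M} \nu = (t'_1 : p''_1, \ldots, t'_n : p''_n)$ with $M = (r_1 : p_1, \ldots, r_k : p_k)$, then, by definition of probabilistic rewriting, $\alpha s \rightarrow^{Inn}_{p,\, l \rightarrow M} t'_1 : p_1, \ldots, t'_k : p_k$, where $t'_i = t'_j$ for some possible $i$ and $j$, and for $e \in [1..n]$, $p''_e = \sum_{r_i,\, i \in [1..k] \,\mid\, t'_e = t[\sigma(r_i)]_p} p_i$.

By Lemma 2, there are the terms $s'_1, \ldots, s'_k \in T(\mathcal{F},\mathcal{X})$ and substitutions $\beta$, $\sigma = \sigma_0 \wedge \bigwedge_{h \in [1..m]} \overline{\sigma_h}$ such that:

• $s \leadsto^{Inn}_{p,\, l \rightarrow M,\, \sigma} s'_1 : p_1, \ldots, s'_k : p_k$,

• for $i \in [1..k]$, $\beta s'_i = t'_i$,

• $\beta\sigma_0 = \alpha\,[\mathcal{Y} \cup Var(l)]$,

• $\beta$ satisfies $\bigwedge_{h \in [1..m]} \overline{\sigma_h}$,

where $\sigma_0$ is the most general unifier of $s|_p$ and $l$ and $\sigma_h, h \in [1..m]$ are all the most general unifiers of $\sigma_0 s|_{p'}$ and a left-hand side $l'$ of a rule of $\mathcal{R}$, for all suffix positions $p'$ of $p$ in $s$.

If we total the probabilities of the equal $s'_i$, according to Definition 12, we obtain $s \leadsto^{Inn}_{p,\, l \rightarrow M,\, \sigma} \mu = (s'_1 : p'_1, \ldots, s'_q : p'_q)$.

It remains to be proved that $q = n$ and for $i \in [1..n]$, $p'_i = p''_i$. For any $i$ and $t'_i$, and given $\alpha$, the term $s'_i$ and the substitution $\beta$ such that $\beta s'_i = t'_i$ are unique. Thus, if we have $t'_i = t'_j$, then $s'_i = s'_j$. Inversely, as $\beta s'_i = t'_i$, if $s'_i = s'_j$, then $t'_i = t'_j$. So $q = n$ and for $i \in [1..n]$, $p'_i = p''_i$.

□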

B. THE IPAS TERMINATION PROPOSITION

As a reminder, $SUCCESS(g, \succ)$ means that the application of $S$ on $(\{g(x_1, \ldots, x_m)\}, \top, \top)$ gives a finite proof tree, whose sets $C$ of ordering constraints are satisfied by the same ordering $\succ$, and whose leaves are states of the form $(\emptyset, A, C)$.

Proposition 1. Let $\mathcal{R}$ be a probabilistic rewrite system on $T(\mathcal{F},\mathcal{X})$ having at least one constructor constant. If there is a noetherian ordering $\succ$ such that for each symbol $g \in \mathcal{D}$, we have $SUCCESS(g, \succ)$, then every term of $T(\mathcal{F})$ is IPAS terminating.

Proof. We use an abstraction lemma, a narrowing lemma, 
and a stopping lemma, which are given after this main proof. 

We prove by induction on $T(\mathcal{F})$ that any ground instance $\theta f(x_1, \ldots, x_m)$ of any term $f(x_1, \ldots, x_m) \in T(\mathcal{F},\mathcal{X})$ is IPAS terminating, i.e. that for all policies $\phi$, $T[\theta f(x_1, \ldots, x_m), \phi]$ is finite.

The induction ordering is constrained along the proof. At the beginning, it has to be at least noetherian and to have the constructor subterm property. Such an ordering always exists on $T(\mathcal{F})$ (for instance the embedding relation). Let us denote it $\succ$.

If $f$ is a defined symbol, let us denote it $g$ and prove that $g(\theta x_1, \ldots, \theta x_m)$ is IPAS terminating for any $\theta$ satisfying $A = \top$ if we have SUCCESS-S$(h, \succ)$ for every defined symbol $h$. Let us denote $g(x_1, \ldots, x_m)$ by $t_{ref}$ in the sequel of the proof.

To each state $s$ of the proof tree of $g$, characterized by a current term $t$ and the set of constraints $A$, we associate the set of ground terms $G = \{\alpha t \mid \alpha \text{ satisfies } A\}$, that is the set of ground instances represented by $s$.

The Abstract inference rule (resp. Narrow) transforms $(\{t\}, A, C)$ into $(\{t'\}, A', C')$ to which is associated $G' = \{\beta t' \mid \beta \text{ satisfies } A'\}$ (resp. into $(\{t'_i\}, A'_i, C'_i), i \in [1..q]$ to which are associated $G' = \{\beta_i t'_i \mid \beta_i \text{ satisfies } A'_i\}$).

By abstraction (resp. narrowing) Lemma, when applying Abstract (resp. Narrow), for each reducible $\alpha t$ in $G$, there is a $\beta t'$ (resp. there are $\beta_i t'_i$) in $G'$ and such that IPAS termination of $\beta t'$ (resp. of the $\beta_i t'_i$) implies IPAS termination of $\alpha t$.

When the Stop inference rule applies on $(\{t\}, A, C)$: by stopping lemma, every term of $G = \{\alpha t \mid \alpha \text{ satisfies } A\}$ is IPAS terminating. Therefore, IPAS termination is ensured for all terms in all sets $G$ in the proof tree.

As the process is initialized with $\{t_{ref}\}$ and a set $A$ of abstraction constraints satisfiable by any ground substitution, we get that $g(\theta x_1, \ldots, \theta x_m)$ is IPAS terminating, for any $t_{ref} = g(x_1, \ldots, x_m)$, and any ground instance $\theta$.

If $f$ is a constructor, either it is a constant, which is irreducible, and then IPAS terminating, or we consider the pattern $f(x_1, \ldots, x_m)$. The proof then works like in the case of defined symbols, but with just an application of Abstract and Stop. Indeed, $f(x_1, \ldots, x_m)$ always abstracts into $f(X_1, \ldots, X_m)$. Then Stop applies because $f(X_1, \ldots, X_m)$ is not narrowable and all its variables are in $\mathcal{N}$.

□

Lemma 3 (Abstraction lemma). Let $(\{t\}, A, C)$ be a state of any proof tree, giving the state $(\{t' = t[X_j]_{j \in \{i_1, \ldots, i_p\}}\}, A', C')$ by application of Abstract.

For any ground substitution $\alpha$ satisfying $A$, if $\alpha t$ is reducible, there is $\beta$ such that IPAS termination of $\beta t'$ implies IPAS termination of $\alpha t$. Moreover, $\beta$ satisfies $A'$.

Proof. We prove that $\alpha t \rightarrow^{*}_{S} \beta t'$, where $\beta = \alpha \cup \bigcup_{j \in \{i_1, \ldots, i_p\}} X_j = \alpha t|_j{\downarrow}$.

First, the abstraction positions in $t$ are chosen so that the $\alpha t|_j$ can be supposed IPAS terminating. Indeed, each term $t|_j$ is such that:

• either $IPAST(S, t|_j)$ is true, and then by definition of the predicate $IPAST$, $\alpha t|_j$ is IPAS terminating;

• or $t_{ref} > t|_j$ is satisfiable by $\succ$, and then, by induction hypothesis, $\alpha t|_j$ is IPAS terminating.

So, $T[\alpha t|_j, \phi]$ is finite for every policy $\phi$, i.e. $\alpha t|_j$ is reducible to a normal form $\alpha t|_j{\downarrow}$ with a finite mean length of derivation. Then, for every policy $\phi$, whatever the positions $i_1, \ldots, i_p$ in the term $t$, we have $\alpha t \rightarrow^{*}_{innermost} \alpha t[\alpha t|_{i_1}{\downarrow}]_{i_1} \ldots [\alpha t|_{i_p}{\downarrow}]_{i_p} = \beta t'$, and $T[\alpha t, \phi] = T[\alpha t|_{i_1}, \phi] + \ldots + T[\alpha t|_{i_p}, \phi] + T[\beta t', \phi]$. Thus, as $T[\beta t', \phi]$ is finite, then $T[\alpha t, \phi]$ is as well.

Finally, $\beta$ satisfies $A' = A \wedge t|_{i_1}{\downarrow} = X_{i_1} \ldots \wedge t|_{i_p}{\downarrow} = X_{i_p}$, provided the $X_i$ are neither in $A$, nor in $Dom(\alpha)$, which is true since the $X_i$ are fresh variables, neither appearing in $A$, nor in $Dom(\alpha)$.

□

Lemma 4 (Narrowing lemma). Let $(\{t\}, A, C)$ be a state of any proof tree, giving the states $(\{v_i : p_i\}, A'_i, C'_i), i \in [1..l]$, by application of Narrow. For any ground substitution $\alpha$ satisfying $A$, if $\alpha t$ is reducible, then, for each $i \in [1..l]$, there is $\beta_i$ such that IPAS termination of the $\beta_i v_i, i \in [1..l]$, implies IPAS termination of $\alpha t$. Moreover, $\beta_i$ satisfies $A'_i$ for each $i \in [1..l]$.

Proof. For any rewriting step $\alpha t \rightarrow \nu = (t'_1 : p''_1, \ldots, t'_n : p''_n)$, corresponding to any policy $\phi \in \Phi_{Inn}$, by Lifting Lemma, there is a term $s' \in T(\mathcal{F},\mathcal{X})$ and substitutions $\beta$, $\sigma = \sigma_0 \wedge \bigwedge_{h \in [1..m]} \overline{\sigma_h}$ such that:

1. $s \leadsto^{Inn}_{p,\, l \rightarrow M,\, \sigma} \mu = (s'_1 : p'_1, \ldots, s'_q : p'_q)$,

2. $q = n$ and for $i \in [1..n]$, $p'_i = p''_i$,

3. for $i \in [1..n]$, $\beta s'_i = t'_i$,

4. $\beta\sigma_0 = \alpha\,[\mathcal{Y} \cup Var(l)]$,

5. $\beta$ satisfies $\bigwedge_{h \in [1..m]} \overline{\sigma_h}$.

where $\sigma_0$ is the most general unifier of $s|_p$ and $l$ and $\sigma_h, h \in [1..m]$ are all the most general unifiers of $\sigma_0 s|_{p'}$ and a left-hand side $l'$ of a rule of $\mathcal{R}$, for all suffix positions $p'$ of $p$ in $s$.

All possible narrowing steps, corresponding to all possible policies $\phi$, are effectively produced in the proof tree by the Narrow rule, applied in all possible ways on $t$. Then, the narrowing step $t \leadsto (s'_1 : p'_1 \ldots s'_q : p'_q)$ is produced.

We prove that IPAS termination of the $\beta_i s'_i, i \in [1..q]$ implies IPAS termination of $\alpha t$.

We have $T[\alpha t, \phi] = p'_1(1 + T[\beta_1 s'_1, \phi]) + \ldots + p'_q(1 + T[\beta_q s'_q, \phi])$. As the $T[\beta_i s'_i, \phi], i \in [1..q]$ are finite and $q$ is finite, $T[\alpha t, \phi]$ is as well.

Let us prove that $\beta$ satisfies $A' = A \wedge \sigma_0 \wedge \bigwedge_{j \in [1..k]} \overline{\sigma_j}$.

By Lifting Lemma, we have $\alpha = \beta\sigma_0$ on $\mathcal{Y}$. As we can take $\mathcal{Y} \supseteq Var(A)$, we have $\alpha = \beta\sigma_0$ on $Var(A)$.

More precisely, on $Ran(\sigma_0)$, $\beta$ is such that $\beta\sigma_0 = \alpha$ and on $Var(A) \setminus Ran(\sigma_0)$, $\beta = \alpha$. As $Ran(\sigma_0)$ only contains fresh variables, we have $Var(A) \cap Ran(\sigma_0) = \emptyset$, so $Var(A) \setminus Ran(\sigma_0) = Var(A)$. So $\beta = \alpha$ on $Var(A)$ and then, $\beta$ satisfies $A$.

Moreover, as $\beta\sigma_0 = \alpha$ on $Dom(\sigma_0)$, $\beta$ satisfies $\sigma_0$.

So $\beta$ satisfies $A \wedge \sigma_0$. Finally, with the point 4. of the lifting lemma, we conclude that $\beta$ satisfies $A' = A \wedge \sigma_0 \wedge \bigwedge_{j \in [1..k]} \overline{\sigma_j}$.

□


Lemma 5 (Stopping lemma). Let $(\{t\}, A, C)$ be a state of any proof tree, with $A$ satisfiable, and giving the state $(\emptyset, A', C')$ by application of an inference rule. Then for every ground substitution $\alpha$ satisfying $A$, $\alpha t$ is IPAS terminating.

Proof. The only rule giving the state $(\emptyset, A', C')$ is Stop. When Stop is applied, then

• either $IPAST(S, t)$ and then $\alpha t$ is IPAS terminating for every ground substitution $\alpha$,

• or $(t_{ref} > t)$ is satisfiable. Then, for every ground substitution $\alpha$ satisfying $A$, $\alpha t_{ref} \succ \alpha t$. By induction hypothesis, $\alpha t$ is IPAS terminating.

□

C. THE IPAS TERMINATION THEOREM 

Theorem 1. Let $\mathcal{R}$ be a probabilistic rewrite system on $T(\mathcal{F},\mathcal{X})$ having at least one constructor constant. If there is a noetherian ordering $\succ$ such that

• for each symbol $g \in \mathcal{D}$, we have $I\text{-}SUCCESS(g, \succ)$,

• for each infinitely successful proof tree having a cycle ($s_i = (\{t_i : p_i\}, A_m, C_m), i \in [m..n]$ with $s_n = s_m$), there is $i$ such that $p_i < 1$,

then every term of $T(\mathcal{F})$ is IPAS terminating.

Proof. We prove that for every ground term $s$ of $T(\mathcal{F},\mathcal{X})$, for every policy $\phi$, $T[s, \phi]$ is finite.

If the top symbol of $s$ is a defined symbol $g$, consider its proof tree, generated from the state $(\{t_{ref} = g(x_1, \ldots, x_m)\}, \top, \top)$. Consider the deterministic proof subtree of this proof tree, associated to $\phi$.

If the proof subtree is successful, by a reasoning similar to the one of the proof of Proposition 1, we state that $T[\theta t_{ref}, \phi]$ is finite for every ground substitution $\theta$.

If the proof subtree has a cycle, let us compute $T[\theta t_{ref}, \phi]$. We first observe how to express the mean length of a term of the cycling branch with respect to its successor(s) in the proof subtree.

• If from a state $(\{t\}, A, C)$ we generate $(\{t'\}, A', C')$ with an Abstract step, as said in the proof of Abstraction Lemma, for any ground substitution $\alpha$, we have $T[\alpha t, \phi] = \sum_{j \in \{i_1, \ldots, i_p\}} T[\alpha t|_j, \phi] + T[\beta t', \phi]$ where $t'$ is the abstracted term of $t$ at positions $\{i_1, \ldots, i_p\}$, $\beta$ is linked to $\alpha$ as specified in the Abstraction lemma, and $\sum_{j \in \{i_1, \ldots, i_p\}} T[\alpha t|_j, \phi]$ is finite. We note $T[\alpha t, \phi] = U_l + T[\beta t', \phi]$ if the Abstract step is the $l$-th of the branch.

• If from a state $(\{t\}, A, C)$ we generate the states $(\{v_j : p_j\}, A_j, C_j), j \in [1..q]$ with a Narrow step, as said in the proof of Narrowing Lemma, for any ground substitution $\alpha$, we have $T[\alpha t, \phi] = \sum_{j \in [1..q]} p_j(1 + T[\beta_j v_j, \phi])$, the $\beta_j$ being linked to $\alpha$ as specified in the Narrowing lemma. If we isolate the state which is on the infinite branch, and whose rank is $i$, among the states generated by the Narrow step, the expression becomes $\sum_{j \in [1..q]} p_j + \sum_{j \in [1..q],\, j \neq i} p_j T[\beta_j v_j, \phi] + p_i T[\beta_i v_i, \phi]$, and we note it $N_l + p_i T[\beta_i v_i, \phi]$ if the Narrow step is the $l$-th of the branch. By hypothesis, all brother states of $(\{v_i\}, A'_i, C'_i)$ are roots of successful proof trees, and then, with a reasoning similar to the one of the proof of Proposition 1, we state that the $T[\beta_j v_j, \phi]$ are finite, for every ground substitution $\theta$. Then the real number $N_l$ is finite.

Now, consider the branch with the cycle, and let $t_0 = t_{ref}, t_1, \ldots, t_m$ be the terms of the branch before the cycle, and $t_{m+1}, \ldots, t_n = t_m$ the terms of the cycle.

We have $T[\theta t_{ref}, \phi]$

$= U_1 + T[\alpha_1 t_1, \phi]$ (with an Abstract step)

$= U_1 + N_1 + p_1 T[\alpha_2 t_2, \phi]$ (with a Narrow step)

$= U_1 + N_1 + p_1(U_2 + T[\alpha_3 t_3, \phi])$ (with an Abstract step)

$= U_1 + N_1 + p_1 U_2 + p_1(N_2 + p_2 T[\alpha_4 t_4, \phi])$ (with a Narrow step)

which is equal to $(U_1 + N_1) + p_1(U_2 + N_2) + \ldots + p_{k-1}(U_k + N_k) + p_k(U_{k+1} + T[\alpha_m t_m, \phi])$ for some $k$ if the step generating $t_m$ is an Abstract step, and equal to $(U_1 + N_1) + p_1(U_2 + N_2) + \ldots + p_{k-1}(U_k + N_k) + p_k T[\alpha_m t_m, \phi]$ for some $k$ if the step generating $t_m$ is a Narrow step.

Note that in the considered branch of the proof tree, some Abstract steps may not exist, so for some $i$ we can have $U_i = 0$.

As the $U_i$ and the $N_i$ are finite, and the $p_i$ are probabilities, then $T[\theta t_{ref}, \phi]$ is finite if and only if $T[\alpha_m t_m, \phi]$ is. We finally prove that $T[\alpha_m t_m, \phi]$ is finite.

From the term $t_m$, there are only Narrow steps along the branch of the proof subtree, and with narrowing substitutions equal to $Id$. So $T[\alpha_m t_m, \phi]$

$= N_{k+1} + p_{k+1} T[\alpha_{m+1} t_{m+1}, \phi]$

$= N_{k+1} + p_{k+1} T[\alpha_m t_{m+1}, \phi]$ (since the narrowing substitution is $Id$)

$= N_{k+1} + p_{k+1}(N_{k+2} + p_{k+2} T[\alpha_m t_{m+2}, \phi])$

$= N_{k+1} + p_{k+1} N_{k+2} + p_{k+1} p_{k+2}(N_{k+3} + p_{k+3} T[\alpha_m t_{m+3}, \phi])$

$= N_{k+1} + p_{k+1} N_{k+2} + p_{k+1} p_{k+2} N_{k+3} + p_{k+1} p_{k+2} p_{k+3} T[\alpha_m t_{m+3}, \phi]$

$= N_{k+1} + \sum_{j \in [1..n-m-1]} \big(\prod_{i \in [1..j]} p_{k+i}\big) N_{k+j+1} + \big(\prod_{i \in [1..n-m]} p_{k+i}\big) T[\alpha_m t_n, \phi]$.

So $T[\alpha_m t_m, \phi]$ is of the form $U + V \cdot T[\alpha_m t_n, \phi]$, where $U$ is finite and $V = \prod_{i \in [1..n-m]} p_{k+i}$ with $p_{k+i} \in [0, 1]$.

Since $t_n = t_m$, we have $T[\alpha_m t_m, \phi] = U + V \cdot T[\alpha_m t_m, \phi]$ and then

$T[\alpha_m t_m, \phi] = U / (1 - V)$.

By hypothesis of Theorem 1, there is a $p_i, i \in [k+1..k+n-m]$, such that $p_i < 1$. Thus $1 - V > 0$ and $T[\alpha_m t_m, \phi]$ is finite.

Thus $T[\theta t_{ref}, \phi]$ is finite for every $t_{ref}$, every ground substitution $\theta$, and every $\phi$.

The case where the top symbol of $s$ is a constructor is treated like in the proof of Proposition 1.

□

D. RESULTS FOR INFINITE PROOF TREES 

Proposition 2. Let $\mathcal{R}$ be a RS. If the possible cycles in the $\phi$-deterministic proof subtrees of the proof trees of $\mathcal{R}$ are such that:

• the first term of the cycle is of the form $f(x_1, \ldots, x_m)$ where the $x_i$ are either variables or constructor constants, and $f$ can be a constant,

• the successive rewrite rules of $\mathcal{R}$ used in the $k$ Narrow steps of the cycle are of the form

$f_j(x^j_1, \ldots, x^j_{m_j}) \rightarrow M_j = |_{i_j}\, t_{i_j} : p_{i_j},\ j \in [1..k]$

where $x^j_1, \ldots, x^j_{m_j}$ are also either variables or constructor constants, and the $f_j$ can be constants,

• $f_1(x^1_1, \ldots, x^1_{m_1}) = f(x_1, \ldots, x_m)$

• for $j \in [1..k-1]$, the term $t_{i_j}$, for some $i_j$, generated by the rule $f_j(x^j_1, \ldots, x^j_{m_j}) \rightarrow M_j = |_{i_j}\, t_{i_j} : p_{i_j}$ on the branch of the cycle is equal to $f_{j+1}(x^{j+1}_1, \ldots, x^{j+1}_{m_{j+1}})$ (if $k = 1$, this condition is void),

• the term $t_{i_k}$, for some $i_k$, generated by the rule $f_k(x^k_1, \ldots, x^k_{m_k}) \rightarrow M_k = |_{i_k}\, t_{i_k} : p_{i_k}$ on the branch of the cycle is equal to $f(x_1, \ldots, x_m)$.

then, the only inference rule applied in the steps of the cycles is Narrow, and with narrowing substitutions equal to $Id$.

Proof. Consider the first term of the cycle. It is of the
form $f(x_1, \ldots, x_m)$ where the $x_i$ are either variables or
constructor constants, and $f$ can be a constant.

All variables of $f(x_1, \ldots, x_m)$ are in $\mathcal{N}$. Indeed, every
proof tree begins with an Abstract step, replacing all variables
of the initial pattern $g(x_1, \ldots, x_n)$ by abstraction variables.
Moreover, Narrow steps can only introduce abstraction
variables, because narrowing substitutions, applied to
terms of $T(\mathcal{F}, \mathcal{N})$, do. In addition, Abstract steps applied
on terms of $T(\mathcal{F}, \mathcal{N})$ give again terms of $T(\mathcal{F}, \mathcal{N})$:
they just replace subterms by new variables of $\mathcal{N}$. Thus,
all terms of any proof tree, except the initial term, are in
$T(\mathcal{F}, \mathcal{N})$. Therefore, the variables of $f(x_1, \ldots, x_m)$ are
abstraction variables.

As we neither abstract the constructor constants, nor the
abstraction variables, Abstract cannot apply on $f(x_1, \ldots, x_m)$.
Narrow, however, applies since $f_1(x^1_1, \ldots, x^1_{m_1}) = f(x_1, \ldots, x_m)$,
to give $f_2(x^2_1, \ldots, x^2_{m_2})$. In the same way,
Abstract cannot apply on $f_2(x^2_1, \ldots, x^2_{m_2})$. With a similar
reasoning until $f_k(x^k_1, \ldots, x^k_{m_k})$, we establish that we only
have Narrow steps in the cycle.

Then, with the fourth condition of the proposition, we
deduce that the successive narrowing substitutions respectively
used in the successive Narrow steps are equal to
Id. □

Proposition 3. Let $\mathcal{R} \in B$. Then every proof tree of $\mathcal{R}$
is infinitely successful.

Proof. Let be a proof tree of $\mathcal{R}$. Every $\phi$-deterministic
proof subtree of the proof tree begins with an application of
Abstract on a pattern $g(x_1, \ldots, x_m)$ to give $g(X_1, \ldots, X_m)$.
Then, we have an application of Narrow, whose narrowing
substitution can be different from Id on the variables
$X_1, \ldots, X_m$, but equal to Id on the variables of the left-hand
side of the rule used. Therefore, the terms generated
by the Narrow step are exactly the terms of the distribution
of the right-hand side of the rule used.

If all these terms are not narrowable, a Stop step applies
on them and the $\phi$-deterministic proof subtree is successful.

If not, there exists a unique term $t$, which is a left-hand
side of a rule. The other terms, if they exist, are not narrowable
and generate Stop steps as above. On $t$, Narrow
applies again, and from this step with Id as narrowing
substitution: we can then reason in the same way as for the
first application of Narrow.

After a finite number of applications of Narrow, either
we only have non-narrowable terms, and the $\phi$-deterministic
proof subtree is successful, or we get a left-hand side of a rule
already produced on the branch: we then have a cycle as
specified in Definition 15.

□ 



